Security at every layer.
Encryption at rest and in transit, fine-grained access controls, customer-managed keys, and a complete, append-only audit trail.
At rest & in transit.
AES-256 at rest. TLS 1.3 in transit. Customer-managed keys (CMEK) available on single-tenant and VPC deployments.
SSO, SCIM, RBAC.
SAML and OIDC SSO. SCIM provisioning. Fine-grained role-based access at the workspace, space, and workflow level.
Every action, logged.
Append-only audit log with optional streaming to S3, GCS, or your SIEM. Tamper-evident hashing.
Continuously tested.
Annual third-party pentests. Continuous vulnerability scanning. A public bug bounty program (HackerOne).
Zero trust by default.
Short-lived credentials, device posture checks, just-in-time elevation for sensitive actions.
Data minimization.
Customer data is never used to train shared models. Embeddings stay in your region; you control retention.
Report a vulnerability.
If you've found a security issue, email security@worklyne.com. PGP key on request. We acknowledge within 24 hours and publish a coordinated disclosure with credit.
Worklyne